When you use the line command

GRANT3779 · ‎05-08-2014

Hi There,

I am creating a new ACL on an ASA.

I used the following commands

access-list VLAN127_IN line 20 remark ***Deny Traffic to Rest of Lan***
access-list VLAN127_IN line 30 extended deny ip 192.168.127.0 255.255.255.0 10.0.0.0 255.0.0.0 (hitcnt=0) 0x44b972b4
access-list VLAN127_IN line 40 extended deny ip 192.168.127.0 255.255.255.0 172.16.0.0 255.240.0.0 (hitcnt=0) 0xd0b6df6b
access-list VLAN127_IN line 50 extended deny ip 192.168.127.0 255.255.255.0 192.168.128.0 255.255.255.0 (hitcnt=0) 0xded09fe7

etc..

So I ever need to squeeze a new line in the middle of the ACL at any point I could use a number in between the current lines.

When I do a show access-list however it hasn't used my increments of 10, 20, 30 etc..The lines just go up 1,2,3,4 etc..

Is there a way round this?

access-list VLAN127_IN line 2 remark ***Deny Traffic to Rest of Lan***
access-list VLAN127_IN line 3 extended deny ip 192.168.127.0 255.255.255.0 10.0.0.0 255.0.0.0 (hitcnt=0) 0x44b972b4
access-list VLAN127_IN line 4 extended deny ip 192.168.127.0 255.255.255.0 172.16.0.0 255.240.0.0 (hitcnt=0) 0xd0b6df6b
access-list VLAN127_IN line 5 extended deny ip 192.168.127.0 255.255.255.0 192.168.128.0 255.255.255.0 (hitcnt=0) 0xded09fe7

kevin_giusti · ‎05-08-2014

When you use the line command with an access list it will insert the ACL in that spot and increment all lower entries by 1.

You shouldn't need to use increments of 10, 20, 30 since the ASA ACLs are pretty flexible but if you wanted to you would have to use the line command in your ACL.

Thanks,

Kevin

ACL on ASA - line command